fbe7e5a9e21fc3fa1dc9f500bbf24ce6

Sharing

Copy URL Twitter E-mail

General

Target

fbe7e5a9e21fc3fa1dc9f500bbf24ce6
Size

329KB
MD5

fbe7e5a9e21fc3fa1dc9f500bbf24ce6
SHA1

43e864b6337891b7f3610410336664b7ced44d23
SHA256

16285ab97cb456e222dbcbee2c2040864da24580fc099ea6995b29a44904ba0d
SHA512

3219c62385ac711010d3606ed92a627b4fba9c8e038928456cd4047f41ff50728cf8022cb29cded0ec52b4e0cc9e6fa2ebb3d7732217571072f38ec83a83a2e9
SSDEEP

6144:MF4mRcwBIg/VdKPUbGtt7ohPAqAv5XxW+CL5CPXGob1:MBOw6gdpSt1ohQ9l+U1

Score

1^/10

Malware Config

Signatures

Files

fbe7e5a9e21fc3fa1dc9f500bbf24ce6
.exe windows:4 windows x86 arch:x86

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

05/03/2015, 23:59

Subject

CN=PDA Distribution LLC,O=PDA Distribution LLC,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f9:ea:27:3e:2a:32:15:1b:c9:40:fb:50:df:4e:14:8c:f9:f1:86:3b
Signer

Actual PE Digest

f9:ea:27:3e:2a:32:15:1b:c9:40:fb:50:df:4e:14:8c:f9:f1:86:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetEnvironmentStrings
MultiByteToWideChar
HeapDestroy
LoadLibraryW
InterlockedDecrement
ReadFile
TlsFree
CloseHandle
GetACP
DisableThreadLibraryCalls
lstrcmpiW
GetTickCount
GetModuleHandleA
GetCommandLineA
GetFileType
DeleteFileW
LocalAlloc
SetFilePointer
UnmapViewOfFile
GlobalFree
GetStringTypeW
FreeLibrary
CompareStringW
WideCharToMultiByte
FreeEnvironmentStringsA
GetAtomNameW
IsValidCodePage
ConvertThreadToFiber
GetNumberOfConsoleMouseButtons
HeapFree
ExitProcess
GetCurrentProcess
Sleep

user32

ReleaseDC
BeginPaint
DestroyWindow
IntersectRect
KillTimer
SendMessageW
GetKeyState
LoadIconW
ShowWindow
SetTimer
PeekMessageW
PostMessageW
OffsetRect
GetWindowTextW

gdi32

GetTextMetricsA
CreateFontA
BitBlt
LineTo
GetPaletteEntries
StartPage
SetViewportOrgEx
TextOutW
EndPage

advapi32

RegCreateKeyW
FlushTraceW
CryptGenRandom
RegDeleteValueA
SetThreadToken
RegQueryValueExW
CryptDeriveKey
LookupPrivilegeValueW

ole32

CoImpersonateClient
CoInitialize
OleUninitialize
CoTaskMemAlloc
HWND_UserSize
CoUninitialize

rpcrt4

IUnknown_QueryInterface_Proxy
NdrDllCanUnloadNow
RpcRevertToSelf
UuidFromStringW
CStdStubBuffer_Invoke
RpcStringBindingComposeW
NdrClientCall2
NdrDllRegisterProxy

Sections

.text
Size: 278KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e57ab546389008dfcb1d29cc2c89037

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93Certificate

Extended Key Usages

f9:ea:27:3e:2a:32:15:1b:c9:40:fb:50:df:4e:14:8c:f9:f1:86:3bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

rpcrt4

Sections

.text Size: 278KB - Virtual size: 309KB

.rdata Size: 17KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 8KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 15KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

07:37:34:17:1c:2a:d1:b6:0c:67:42:67:62:0a:6c:93
Certificate

f9:ea:27:3e:2a:32:15:1b:c9:40:fb:50:df:4e:14:8c:f9:f1:86:3b
Signer

.text
Size: 278KB - Virtual size: 309KB

.rdata
Size: 17KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 8KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB